Hi,

I have the following issue: If I configure the SSLSocketFactory with STRICT_HOSTNAME_VERIFIER so that the CN of the certificate sent by the server is checked against the hostname, the comparison is done only via strings. What I mean is that if the certificate (sent by the HTTPS server) has as CN an IP, e.g. 10.4.2.1, but the user writes in the address bar https://secureserver/ (i.e. uses a domain name), and that name can be resolved (reverse lookup) to the IP 10.4.2.1, e.g. it is in the Windows hosts file, I still get the following exception:

javax.net.ssl.SSLException: hostname in certificate didn't match: <secureserver> != <10.4.2.1>
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
    at org.apache.http.conn.ssl.StrictHostnameVerifier.verify(StrictHostnameVerifier.java:61)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:130)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)

I was expecting that the secureserver would be mapped to the IP and the certificate would be accepted. Is this a bug that has been fixed (I am using httpclient 4.0.1), or is it intended to be this way?

Thanks
